MORPHISEC CYBER LAB

ADVANCED ATTACKS PREVENTED AND INVESTIGATED

TOR/FIREFOX ZERO-DAY

This Firefox zero-day made headlines when Tor users who fell victim to the attack lost the one thing they were looking for: anonymous browsing. Speculation ran rife that the exploit may have been created by the FBI or another governmental agency. Although Mozilla and Tor pushed out an emergency patch fairly quickly, their users remained exposed for a critical period of time - unless those systems had Morphisec installed.

Morphisec easily prevented this exploit in another demonstration of the powerful prevention capabilities at the core of Morphisec’s Moving Target Defense technology. Watch the video to see how.

CVE-2015-2545 STILL BEING EXPLOITED

CVE-2015-2545 is the vulnerability that just keeps on giving. Microsoft patched the flaw in November 2015, but cyber criminals and APT groups continue to successfully use the exploit to gain a foothold in targeted systems.

Morphisec customers have no reason to worry. In any variant, Morphisec stops the attack at the very beginning of the kill chain.

CARBANAK - THE GREAT BANK ROBBERY

The Carbanak APT group is one of the most notorious cybercriminal groups to target the financial sector. Around 100 financial institutions in approximately 30 countries have fallen victim to it, losing nearly $1 billion.

Carbanak attacks begin with malware-infected documents attached to plausible emails sent to targeted bank employees. Once activated, the document delivers the malware, usually by exploiting an unpatched Office application vulnerability, in this case Microsoft Word.

Watch the video and see how Morphisec prevents the Carbanak attack right at the beginning of the kill chain.

BEWARE OF MALICIOUS PDFs

Malicious PDFs are an efficient “distribution channel” for delivering malicious code to victims.

The exploit sample used by the Morphisec researcher here leverages a sandbox evasion technique to escape automatic detection: it is not the opening of the PDF that triggers the attack; it is clicking “OKAY” on the “File not found” error message that activates the exploit.

The endpoint in this video was protected by a well-regarded anti-virus with its latest update installed, yet that software did not identify the exploit. Signature detection approaches are always a step behind the attacker.

ANGLER EXPLOIT KIT - FISHING FOR CYBER VICTIMS

Exploit kits, toolkits with packaged exploit code sold on the black market, enable almost anyone to become a cybercriminal. The Angler Exploit Kit, one of the most popular, leverages application vulnerabilities to infect end-user devices by injecting redirection scripts or iframes into compromised websites.

The exploit kit runs through a list of potential vulnerabilities to leverage on the end-user’s machine, such as in the browser or its plug-ins. Flash has been an open door for hackers for quite some time.

Watch our video to see how Morphisec protects you against the Angler Exploit Kit using Flash.